The Hacker News

June 2011 - Issue 03

Total Exposure Edition

Presented by : Mohit Kumar



Dear Readers, 




Welcome to the third edition of The Hacker News magazine. We want to thank you 60,000 times for each
hit we received for last month's Magazine!



There are going to be some changes at THN in terms of how we disseminate information. We want to 
eliminate the magazine and just give you those great articles and interviews on the daily news page as 
they come up. 



This will be easier for us and better for you. Give us your feedback and let us know how you like the 
new format as it is developed. If there is something you want to see on our site, let us know. 



I hope you enjoy the news on the topic of "Total Exposure". I am personally blown away at the amount
of hacking going on worldwide. It is exciting and frightening at the same time. 

What are your thoughts on this very important topic? We want to hear from you. 

Thanks again for your continued support. We appreciate it and look forward to continuing to give you 
the best and most reliable hacking news available. 



Sincerely, 

Mohit Kumar (Editor-in-Chief)

The Hacker News 



Visit Our Official Site - www.thehackernews.com

Email Id - thehackernews@gmail.com
Facebook - http://facebook.com/thehackernews
Twitter - http://twitter.com/TheHackersNews

BUILD IT THEY WILL HACK IT



BY MOHIT KUMAR
THE HACKER NEWS 



By now corporations and governments worldwide have taken notice that their security
systems are at risk. Well, kinda.

As you can see from this month's edition of THN, there is still an arrogance and attitude of
"it couldn't happen to me." In the meantime, hackers all over the globe are getting into
everything from email to top secret documents.

It doesn't surprise me that the heads of corporations like Sony and government agencies like 
NASA have been slow on the uptake. For too long these people have been driven by greed 
and have acted with total impunity. 

No more. Because internet security has become the number one target of organized groups
like Anonymous or 13 year old boys fooling around on the computer, every government,
business, corporation, and personal computer is at risk.

And, the conundrum for everyone is that if you can write a security program, someone can
hack it. THN doesn't think it will be out of business soon because some government agency or
billion dollar corporation thinks it can outsmart the techies of the world. No, the real issue is
how are institutions going to process information, secure and public, that cannot be hacked
into?

Every era has had a name and this era is going to be named the Era of Hacking. This is the era
when the dishonest and corrupt are being caught with their pants down and their phony
financial reports exposed.

The heroes of our world will no longer be gold star generals or presidents but faceless hackers
with a weapon called the keyboard.

THN has had the pleasure of sitting back and reporting the hacking news. We don't hack
ourselves but we are the beehive for hacking information and trends in internet security.

We thank our loyal readers and welcome our newest. We invite heads of State and
dignitaries all over the world to read and understand they are at risk. World stability will
come and I promise, not one shot will be fired.

Welcome to the Era of Hacking. Welcome to 
Total Exposure. 



OK READERS, LET'S GET TECHNICAL 



We need to talk about the breach of data in large organizations like SONY. Almost 14
attacks on SONY in the last two months by different hackers. Hackers exposed almost 100
million users' data using a small SQL vulnerability or, better said, "Developer's
Stupidity." The data leak is almost of no worth to anyone; no one would have the time to do
logins on millions of users. The real effect is the blemish on the brand name SONY. Still
there is a benefit SONY gets from all these hacks. They get free auditing. YES! Sony
hackers actually help SONY to become the most secure brand in the future. Sony will
definitely learn from all those security mistakes. Also, this hack becomes a lesson for others.
Once SONY is back with patched sites and servers then it will be sure that they will be more
secure than ever before.



Another part of Total Exposure is the disclosure of various vulnerabilities and 0days. The
exploit writers are the best hackers behind this job. They study the whole code, find the
vulnerability and make some automated exploits for that code. No doubt these exploits are
dangerous for the security of various users, but still the developer of that product will get the
idea of the vulnerability and will develop other, more secure systems. This is the rule of most
security development: "Until some hacker can't break your system, you will never think about
more secure versions".



In the past we (The Hacker News) tried to contact some admins of servers/sites about their
vulnerability. But most of them never cared to respond because they thought that no one
would hack them. I hate to tell them they are in for a big surprise. We decided to post all
vulnerabilities of various sites and products online, because until the vulnerabilities are
addressed seriously, everyone is at risk.

There are a few questions that people have asked us in the last few days and I would
like to answer them:



Q. Why do hackers love to expose things in public? 

A. Hackers! Exposing data is the base of security for them. Some hackers hack for fun, some for
a particular political aim, some for good causes like Wikileaks and some for revenge like Lulzsec.
Everyone has a different motive and a different nature of hacks. The exposure of someone's
personal data is never a good thing, but we have exemptions. Let's let people decide
who is wrong and who is doing right!

Q. What impact does hacking have on technology in general?

A. In general, because of hackers total security development is impossible. They can make a
big brand like SONY think again on their actions. They can help security researchers making
STUXNET destruction products and they can help the police for cyber investigation like our
whitehats do. Technology is the combination of good and bad things.

Q. What is the greatest benefit in hacking information or the exposure of weakness in security 
systems or sites? 

A. Hacking for military or Country is always beneficial for one side. Hacking for fun can never
be good for anyone, but if someone is hacking for destruction then that is the worst use of
skills. STUXNET, the best botnet of last year, was developed by IRAN for destruction of cyber
space of India and the US. The best benefit of hacking is that there is a lesson to be learned
in a positive way. Exposure of weakness has a benefit, for the administrator will come to know
where his mistakes are. Weakness of systems also leads to more security research.

Q. It appears without "hacking" internet security would not have been challenged and
improved. Do you see hacking having any other value?

A. Yes, this is right. Without hacking, internet security is really worthless. The job of a security
expert should be always challenged. Only then will he/she be able to learn more day by
day. Even hackers hack for the same reason. They develop their skills by hacking real world
servers/sites. Hacking is like a passion for kids these days. Everyone wants to know HOW TO
HACK FACEBOOK OR GMAIL. Lolz! It's really the most irritating question asked of me by lots of
people.

Q. What lessons can everyone get from Sony Hacks & what are your Views about these 13 
Serial Sony Breaches? 

A. It is not exactly a new security measure that's necessary, but how Sony can manage the ex- 
isting security system effectively. Sony needs to run its management cycle remembering that 
security threats are variable. It gives hackers a chance to invade when businesses are relying 
heavily on security tools. If Sony hasn't learned the lesson, at least other businesses have. After 
Sony's incident, the number of inquiries from businesses to various security consultants in- 
creased. 

03 THN - Magazine | June 2011 www.thehackernews.com | Issue 03 



Q. Have the Sony, RSA, HBGary and other 2011 breaches given some benefit to Security
Researchers to analyze and study the Style/Talent of Hackers?

A. Yes. After the SONY, RSA, HBGary and all other 2011 breaches most security experts are now
more alert in rechecking their attitudes toward security. They came to know that one small
flaw like SQL injection can become a reason to hack million dollar companies. Sony fights with
George Hotz, but my opinion is that they should have hired him. Why not develop this hacking
talent for legitimate purposes? Why make an enemy when you can have them on your side?

Q. Do you feel that groups like Anonymous who hack for the purpose of exposing the criminal 
and corrupt side of corporations and government have value? 

A. Anonymous are heroes of the 21st century. Anonymous is the political movement of change for
the 21st century. Anonymous can and certainly will accomplish what many other political and
peace movements of the past could not. When corruption, destruction and mayhem strike 
from governments or corporations it is the goal of anonymous to awaken that entity and the 
public that a change must occur. Given that, many will use the name Anonymous to perform 
acts of a criminal and malicious nature. By doing this it gives the real "Anonymous" a bad 
name. In fact, governments and corporations will try to retaliate against the false anon by re- 
stricting internet freedom and user capabilities. We must understand that the Anonymous 
who strives for political change and world peace must be free to work without the mistrust 
and misdeeds of others who tarnish their good work. As once was said, "change always comes 
bearing gifts." Anonymous is the gift we have been waiting for. Honest and trustworthy per- 
sons working hard on our behalf for the betterment of mankind. 

Q. Many people admire you and support The Hacker News. Did you ever think that you are 
missing something? 

A. It's really true that THN has become a successful Cyber awareness project in a small time,
only because of our support from our readers. I would like to start some more projects in the 
future related to Security Labs that will help every beginner to advance. Also, sharing and 
doing research on Cyber Security. 

Q. Conversely, what do you think about the FBI and our criminal justice system in regards to 
hacking? 

A. In India we have strict punishments for cyber crime, but laws are not strictly applied to all.
This is the same in other countries. Even in China, hacking has become part of the China
military services. Lulzsec hackers hack PBS, SONY and even one FBI partner and they gave an open
challenge to the FBI. As of yet, the FBI has failed to identify the hackers so we can say that there
are some faults in the justice system in regards to hacking. Millions of sites get hacked
monthly, no one cares about those. Even the administrator of the site re-uploads the backup and
forgets the defacing done by hackers.

Q. The internet world is sorely unprepared when it comes to security. Do you agree and why?

A. The best term is "No one is secure in this world". You can check our website for the latest
updates of people being hacked. Most of them are hackers, security experts and big brand
commercial names.

At last I would like to say "WAKE UP INTERNET WORLD!" Security systems
all over the globe are threatened and very few seem to understand
what is happening. If the CEOs, Administrators, Presidents, and
other heads of businesses and governments aren't demanding that
their IT departments re-evaluate their security systems, then
they deserve everything the hackers give them.

Hacking is here to stay. It will not go away quietly. It will not be
eliminated. If a software engineer can write a security program, believe me
when I say a hacker can breach it.



Written By : Mohit Kumar 
Edited By : Likha Patel
: Likha Patel



We help you safely get the truth out

"A nation under a well regulated government should
permit none to remain uninstructed. It is monarchical
and aristocratical government only that requires
ignorance for its support." Thomas Paine

The United States Department of Justice has left no
stone unturned in their ruthless attempts to uncover or
fabricate evidence against Wikileaks founder Julian
Assange. Their goal is to charge Assange with conspiracy
to commit espionage.

If the United States is successful Julian Assange will
become the United States' convenient scapegoat, along
with others like US citizen and Army Pvt. Bradley
Manning. These two will disproportionately take the
blame for the United States' failed policies and crimes.

Julian Assange has said that the long and cruel
detention and forthcoming US government prosecution of
Army Pvt. Bradley Manning is nothing more than an
attempt to "terrorize whistle-blowers" and that Pvt.
Manning, like himself, is a victim of alleged government
repression and mistreatment. "There is no doubt the U.S.
government has tried to terrorize whistle-blowers
into not revealing important information to the
public," but Assange believes it has
failed to have a chilling effect.

Assange has stated that "Courage is
contagious". And that Wikileaks has seen a
"dramatic increase in the number of sources willing to
come forward," he also stated, "Fear no doubt is also
restraining their activities - but there is an increased
supply of materials coming to us." He also said that
Manning's case and U.S. government threats to
prosecute WikiLeaks have not slowed expansion of the
organization.

All that Julian Assange has done is to be the messenger
of information. The information disseminated by
Assange included diplomatic cables which revealed
many United States failures and debacles beyond any
doubt, along with prima facie war crimes and crimes
against humanity, and the revelation of the information
has embarrassed the United States. Unfairly, Assange
has already been labeled a "high tech terrorist" by the
Vice President of the United States, Joe Biden, and
Admiral Mike Mullen claims that Assange might
now have "blood on his hands". They both know
better.



It is a disgrace that many citizens of the United States
and the world must be reminded that exposing
corruption and crimes is not breaking the law, but upholding
the law. To prosecute whistle-blowers like Wikileaks'
Julian Assange is a serious threat to democracy and
sets a dangerous trend. We must understand that a
democracy must rely on a free press to inform its citizens
and keep governments accountable to the people.

In times past Julian Assange would have been hailed 
as a true patriot of democracy. So let's look at the man 
behind our information revolution who is now both a 
respected and reviled figure around the world. 



Julian Paul Assange was born July 3, 1971 in Australia.
Today he is the editor in chief of WikiLeaks, a
whistleblower website with a stated purpose of
creating open governments. WikiLeaks was founded in 2006. That year,
Assange wrote two essays setting out the philosophy behind WikiLeaks: "To
radically shift regime behavior we must think clearly and boldly for if we have
learned anything, it is that regimes do not want to be changed. We must think 
beyond those who have gone before us and discover technological changes that 
embolden us with ways to act in which our forebears could not." In his blog he 
wrote, "the more secretive or unjust an organization is, the more leaks induce 
fear and paranoia in its leadership and planning coterie.... Since unjust systems, 
by their nature, induce opponents, and in many places barely have the upper 
hand, mass leaking leaves them exquisitely vulnerable to those who seek to re- 
place them with more open forms of governance." 

Assange is a prominent media spokesman on WikiLeaks' behalf. While newspa- 
pers have described him as a "director" or "founder" of WikiLeaks, Assange has 
said, "I don't call myself a founder"; he does describe himself as the editor in 
chief of WikiLeaks, and has stated that he has the final decision in the process of 
vetting documents submitted to the site. Assange says that WikiLeaks has re- 
leased more classified documents than the rest of the world press combined: 
"That's not something I say as a way of saying how successful we are - rather, 
that shows you the parlous state of the rest of the media. How is it that a team of 
five people has managed to release to the public more suppressed information, at 
that level, than the rest of the world press combined? It's disgraceful." He advo- 
cates a "transparent" and "scientific" approach to journalism, saying that "you 
can't publish a paper on physics without the full experimental data and results; 
that should be the standard in journalism." In 2006, CounterPunch called him 
"Australia's most infamous former computer hacker." The Age has called him 
"one of the most intriguing people in the world" and "internet's freedom fighter." 
Assange has called himself "extremely cynical". He has been described as being 
largely self-taught and widely read on science and mathematics, and as thriving 
on intellectual battle. 

WikiLeaks has been involved in the publication of material documenting
extrajudicial killings in Kenya, a report of toxic waste dumping on the coast of
Côte d'Ivoire, Church of Scientology manuals, Guantanamo Bay procedures, the 12
July 2007 Baghdad airstrike video, and material involving large banks such as
Kaupthing and Julius Baer among other documents.

In 2008, Assange published an article entitled "The Hidden Curse of Thomas
Paine", in which he wrote "What does it mean when only those facts about the 
world with economic powers behind them can be heard, when the truth lays 
naked before the world and no one will be the first to speak without payment or 
subsidy?" 



I strongly believe Wikileaks and the work Julian Assange has done is about
freedom and justice. Julian Assange is a brave defender of justice and freedom. He
is a modern day Paul Revere willing to risk his life to inform the world of crimes
and injustice. We are often cheated by powerful industries, corporations and
governments who care more about profit than about people. Wikileaks, headed
by Julian Assange, has shone a bright light on the darkness of great power and
their hidden shocking secrets.



His website Wikileaks, founded in 2006, has so far selectively released around
12,000 of more than 250,000 secret documents it has in its possession. All
things considered, Julian Assange may be correct when he gives credit to
WikiLeaks and its work with triggering a "year of miracles for journalism" that
has enhanced the transparency of the U.S. and foreign governments and
contributed to the democratic revolutions sweeping across the Arab world.



"What does censorship reveal? It reveals fear." 

Julian Assange

How Can You Tell If Your New Computer Security
Consultant Is Really A Black Hat Hacker ?

In the world of computer security there are times when the bad guys and 
the good guys are going to have to work together. In the case of Internet 
Security Companies it is usually the bad guy turning over a new leaf. 
The bad guys are tired of living their life looking over their shoulder and 
want to settle down. But how can they do that when the only skill set 
that they have is criminal in nature? They can offset that by getting a 
job with the people who they used to go against. 



When you are a computer security company you have two incentives 
for hiring a former black hat hacker. The first incentive is that they are 
very good at what they do. You cannot help where some of the best 
talent in your industry got their start. What really matters is what they 
are doing with it now. The second incentive for hiring someone who 
used to be a black hat hacker is that it is great to be able to have someone 
who was on the other side.
This way you know at least some of the tricks that the bad guys used to
be able to pull off some of their attacks. It is the same theory as when a 
country is able to get a spy on the inside of their enemy's borders. There 
is nothing better than inside knowledge. 

But while having someone who used to work for the other side is filled 
with perks, there are also some dangers as well. You never know if the 
person that you have working for you is going to be totally reformed or 
not. Just like they have used their skills in the past to trick people on the 
internet, they might be doing the same thing to you. And that is what 
this article is about. I am going to talk about the signs to look for when 
you want to make sure that your reformed black hat hacker is truly re- 
formed. 

Their habits 

If you are looking to see if the person that you have hired to help with 
your network security has truly left their black hat ways in the past then 
the first thing you are going to have to look at is them. I am not saying 
that you or someone else has to follow them around. I am just saying 
that it is best to keep an eye out when it comes to anything suspicious in- 
volving them. 

The first thing that you want to monitor is their internet connection.
While you should not be unfair and do any more snooping on their
accounts than you do anyone else, it wouldn't hurt to see if any of the
systems in your office have been logged into during off hours. Or to see if
anyone has logged into those systems who is not supposed to. Someone
who still has black hat hacker tendencies may let their curiosity get the
better of them and try to access systems such as this. Also you want to
make sure that all of the equipment is in the office. When a person is a 
black hat hacker they need a lot of equipment to conduct some of their 
activities. Make sure that none of your office equipment is being used 
for nefarious purposes. 
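
One way to run the login check described above over every account alike, as an added example that is not part of the original article. It assumes OpenSSH-style syslog lines; the host names, user names, office hours and per-host allowlist are hypothetical, and the sample log is constructed.

```python
import re
from datetime import datetime, time

# Constructed sample: OpenSSH-style syslog lines (not taken from the article).
SAMPLE_LOG = """\
Jun  6 09:12:44 fileserver sshd[1810]: Accepted password for alice from 10.0.0.23 port 51122 ssh2
Jun  6 23:47:03 fileserver sshd[2290]: Accepted publickey for consultant from 10.0.0.57 port 40312 ssh2
Jun  7 10:05:19 payroll sshd[977]: Accepted password for consultant from 10.0.0.57 port 40388 ssh2
Jun  7 10:06:02 payroll sshd[981]: Failed password for consultant from 10.0.0.57 port 40390 ssh2
Jun  4 14:30:00 fileserver sshd[3001]: Accepted password for bob from 10.0.0.31 port 50100 ssh2
"""

# Hypothetical policy: which accounts may log in to which host, and office hours.
ALLOWED_USERS = {
    "fileserver": {"alice", "bob", "consultant"},
    "payroll": {"alice"},
}
WORK_START, WORK_END = time(8, 0), time(18, 0)
WORK_DAYS = {0, 1, 2, 3, 4}  # Monday=0 .. Friday=4

# Only successful logins ("Accepted ...") are of interest for this check.
LOGIN_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_logins(text, year):
    """Yield one dict per successful login; all other lines are skipped.

    Syslog timestamps carry no year, so the caller supplies it.
    """
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m is None:
            continue
        stamp = " ".join(m.group("ts").split())  # collapse the space-padded day
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        yield {"when": when, "host": m.group("host"),
               "user": m.group("user"), "src": m.group("src")}


def is_off_hours(when):
    """True for weekends and for times outside WORK_START..WORK_END."""
    if when.weekday() not in WORK_DAYS:
        return True
    return not (WORK_START <= when.time() < WORK_END)


def review_logins(text, year, allowed=ALLOWED_USERS):
    """Return findings for every account, applying the same two rules to all."""
    findings = []
    for login in parse_logins(text, year):
        reasons = []
        if is_off_hours(login["when"]):
            reasons.append("off-hours")
        if login["user"] not in allowed.get(login["host"], set()):
            reasons.append("not-authorised")
        if reasons:
            findings.append({**login, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_logins(SAMPLE_LOG, 2011):
        print(f"{f['when']:%a %Y-%m-%d %H:%M} {f['host']:<10} "
              f"{f['user']:<10} from {f['src']:<10} {', '.join(f['reasons'])}")
```

A finding is a prompt to ask a question, not proof of wrongdoing: late maintenance windows and on-call work produce the same log lines.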

Find out the type of attitude the person has

Most black hat hackers tend to be anarchistic, or at least people who do 
not like restrictions put into place when it comes to them. See if you 
notice any of these tendencies in the person that you just hired. If those 
tendencies are slight then that might be just youthful rebellion. But if 
they are severe then that is something that you need to look into. 

Check online 

While you do not want to get into their private accounts at the job and 
snoop on them, there is nothing saying that you cannot look them up 
online. Find out their email address or any usernames that they might 
use and look them up in Google. Be aware though. Google has a service 
called Google alerts that might let them know that someone is doing a 
search on them. So do not go crazy when you are doing a search. Spread 
it out over a period of time. If the search leads you to any forums or IRC 
chats then take a look and see what you find. Remember the person has
admitted to having a shady past so make sure that the items you are 
looking at are not old. 

In the world of computer security you sometimes need to hire people 
who have been on the other side. There is tons of good information
that you can get from them. But make sure that you are careful when 
you do it. 

About the Author 

Lee Ives is an internet security blogger from London, England. He 
started his web site a couple of years ago as a means of communicating 
security topics to the average internet user in a way that they would 
understand. Contrary to some people's expectations he works in retail 
and not the security industry which goes to show how just about anyone 
can accumulate a great deal of knowledge about how to protect 
themselves online if they are prepared to look for the answers. 
Visit Him at : Security FAQs - http://www.security-faqs.com

SECURITY BREACH

In this cyber age we are living under various threats. The threats posed by cyber criminals
can be more dangerous than nuclear warfare. It's like living with a loaded gun.

Suppose all the doors in my house have deadbolt locks. I also use a burglar alarm system, but
despite all these precautions a burglar used what techies would call a "brute force" attack to
enter my house. The burglar smashed his way through an all glass door with a metal rod so despite
all these measures the bad guy got in.

It's the same with protecting your computer. You can do everything to secure your computer
but it's still possible for someone to infiltrate your computer. But as true as it is with my
locks and alarm system, good security on your computer can reduce the chance of trouble.

In earlier days it was common for hackers to attack a password to enter a computer
system. That is not done much anymore but it is still wise to use a password that is a
combination of letters and numbers. Try to avoid words that can be easily guessed and are
in common use. One method of creating a complex password is to use the first letter of the
words in a line of a poem. For example, "Twinkle Twinkle little star" would produce "TTls".
To this we can add numbers before and after the word. This password is tough to crack. It
is also necessary to change your password every six months or so. Schemers try to breach
computer security by planting viruses or spyware on your computer. These bugs can arrive
from shady websites or when you download free programs from websites. Often they
come as attachments to email. Using a good antivirus can prevent them from harming your
equipment.

Wi-Fi is a convenient way to share your home internet connection; however, always keep
in mind it's a good way for people to get into your computer. It's foolish to think that any
security plan can be made bulletproof. I discovered that when the burglar came armed with a
metal rod. But that did not cause me to start leaving my doors unlocked. It's the same with
computers: take every precaution to secure your data.



Author : 

Shalabh Tewari 

Forum of Radical Computer Extremists.

Exploit Writers - Challenging Security Experts!



What are Exploits? 

A tool developed by hackers that is used to perform malicious attacks on comput- 
er systems. They are usually scripts that are designed to exploit weaknesses in 
software over a network, most commonly the Internet. "Zero-Day" is a common 
type of exploit. 

How important are Exploits for Hacking ? 

You can hack in many different ways with many different procedures. Kevin 
Mitnick created hacking history with just a phone and a dream. Hackers, Exploit 
writers and Defacers are always the challenge for Security Experts and Compa- 
nies. 

An attacker can write exploits because of some misconfiguration, insecure
development and lacking IT management.

There are various Exploit Database sites available with thousands of Exploits. 
For example: 



1337 Exploit DB/ Inj3ct0r : http://www.1337day.com 
Exploit-DB : http://www.exploit-db.com/

Exploit writers from all over world submit their latest exploits on these websites.
Anyone can grab the exploit for personal usage and for more Research.



Exploits are not always against Security, however, when security is breached this
is the best way by which developers get free auditing and security testing of their
services and products. So far in 2011, almost every day there is a new big
hacking case. The most recent and famous one is the SONY hacks. Hackers from all
over world are trying to exploit the SONY sites, servers and products. To date we
have noticed that 11 serial attacks have been done on the SONY network, including
PSN, Ericsson, SOE etc. For more details you can visit our website
www.thehackernews.com .

Similarly, PBS.org also was hacked because of a 0day Exploit of MovableType.
Hackers uploaded the shell and got access to the whole server of PBS with one
security hole.

Sometimes one small vulnerability can cause a major Security Breach. The 
above examples are enough to prove this. 

Today we are going to introduce 1337 Exploit DB or Inj3ct0r. Inj3ct0r is
a hacking group that attacked the popular social networking site Facebook with an
SQL injection attack in late 2009. They found vulnerabilities in one of the web
apps through the URL and managed to extract valuable information from the SQL
database. They also host a full-disclosure website much like milw0rm which is
hosted by a user who goes by the name str0ke.

Later, str0ke said "I have talked with a few friends and I'll be handing the site
over so a group of people can add exploits / other things to the site. Hopefully it
will be a new good start". This was the birth of inj3ct0r.

The website works by receiving emails from hackers who have discovered vul- 
nerabilities in web applications and written exploits to gain restricted access on 
the host/pc that the program/application has been installed on. 

Inj3ct0r.com was originally founded in 2003, by a hacker computer
enthusiast. Initially, Inj3ct0r was a private team. Domain Inj3ct0r.com was
registered in 2008. The enormous database, the constant updates, the unique nature of
the content published.

As we discussed earlier, Inj3ct0r provides useful information to people who
perform penetration testing, IDS signature development, and exploit research.
This project was created to provide information on exploit techniques and to
create a useful resource for exploit developers and security professionals. The
tools and information on this site are provided for legal security research and
testing purposes only. The project does not belong to the Turkish, American,
Russian, Chinese, Ukrainian etc hackers.

THN : What is injector Team doing these days , what plans are there about forum 
and how these things will help beginners ? 

Inj3ct0r : inj3ct0r is not an institute for beginners. Forums and all are coming, 
look out for news alerts. 

THN : Most of the time we hear that the Injector admin belongs to Pakistan , is it 
true? 

Inj3ct0r : They may be and they may not be from that country. One of admin 
says -" Patriotism is the last refuge of a scoundrel." 

THN : If it is, then does region matter in team work? 

Inj3ct0r : No, it doesn't. If it does, it is not team work at all. Every inj3ct0r is like 
a free bird. They flock in groups but, rest in individual nests. 

THN : Is Exploiting a crime? Or does it help developers ? 

Inj3ct0r : There is a yin for every yang. If there are developers, there will be
hackers! We are just balancing the equation with our existence.

THN : Is exposure (via exploits,videos,tuts) important or not ? What is the good 
side of security holes exposure ? 

Inj3ct0r : There are 2 sides to every coin. It is important and it is not important. 
It depends on the person who is exposing and depends on the person who is ob- 
serving them. 

THN : What are the benefits everyone can get with exposure of exploits, like from a developer point of view, from a hacker point of view, or for a learner/beginner?

Inj3ct0r : Rectifying mistakes and making others rectify who haven't. After all, we are mere humans :)

THN : It appears without "hacking" internet security would not have been chal- 
lenged and improved. Do you see hacking having any other value? 
Inj3ct0r : Hacking is as valuable as any developments. There is always a 'next 
level' in everything. I remember in 2002, SQL Injection was considered the most 
lethal practice and in 1998 DOS attacks were inevitable! As technology grows, 
we will grow too and as we grow, it will grow too :) 

THN : Is Exposure of Security Holes Important? What have you gotten from the 
experience personally? 

Inj3ct0r : Personal experience: Joy of outsmarting the smart ones! It is important 
and it is not important - the exposure I mean, depends on user on each end. 

THN : Do you feel that groups like Anonymous who hack for the purpose of ex- 
posing the criminal and corrupt side of corporations and government have value? 
Inj3ct0r : My replies will reflect my entire beloved team and also supporters. I 
would like to press the 'Skip' button :) 

THN : So many people admire you and support you. Did you ever think you 
would be a public figure held in esteem by many in your life time? 
Inj3ct0r : A Hacker is known by his level of stealth 'mode'. There is a saying, "Everyone knows a good hacker and he makes his folks proud about it but, no one knows about the best one, not even his folks." Fame would make me look weaker to myself.

THN : Conversely, what do you think about the FBI and our criminal justice 
system in regards to hacking? How would you write the laws governing this activ- 
ity? 

Inj3ct0r : I would sum it up in one line 'If someone is smarter than you, either 
learn from him or get yourself replaced'. There is no good guy and bad guy. Every 
human is un-refined, that's all :) 
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THN : The internet world is sorely unprepared when it comes to security. Do you 
agree and why? 

Inj3ct0r : Not just security, everything. But, as time goes, it teaches. 

THN : What message would you like to give the hacking community that is sub- 
scribing to this magazine? 

Inj3ct0r : Be a kid. Be sincere not serious, in whatever you do. If you don't enjoy 
it, you ain't doing it right. 



Happy Milw0rm 1337 Day

Inj3ct0r wishes you a Happy Milw0rm 1337 Day!!! Wishes to all Inj3ct0r users! Happy Milw0rm 1337 Day!!! Underground users Unite! It's our second birth! Milw0rm was born on June 3 1998, Let's Celebrate - Visit 1337day.com

Information Security Incident Management
What Should We Not Do ? 

In recent times there have been several security incidents that have put the world 
on alert. Technology Giants have been hit and your personal data, your tastes, 
your interests and your habits have fallen into the hands of criminals. 
The aim of this article is to discuss some actions that have taken place in internet 
security and what things we should not do if we have to manage a security inci- 
dent in our organization. 

1. Hide the incident from our customers

The first thought a company might have associated with a security incident is 
concealment. Nothing is worse than this if we want to prove that we have been 
diligent with our data and our customer's data. We must remember that personal 
data from our clients is not ours to own but to shelter. 



2. Increase the qualities of the attacker 

A situation that is occurring frequently is looking for ways to omit all the mistakes that were committed by a lack of diligence, knowledge or otherwise in the company's security system. When our security is breached the first thing has been to focus on the hypothetical characteristics of the attacker, always giving them much more sophistication than they really possessed. That is, increasing the skill of the attacker to minimize our mistakes.

"We have been victims of an attack of proportions never seen", "The attacker had very sophisticated knowledge", "was anonymous", etc. Fess up and take responsibility. You will create much less insecurity in your client if you do so.



3. Describe basic security measures such as improvement plans following the in- 
cident 

Following the incident there is a presentation naming action plans to implement security measures that should have been implemented previously and that are really basic, for example: "We will implement a system of safety management based on ISO / IEC 27001", "We will use encryption techniques for personal data", "We will train our staff to provide incident response". Responses of this style can be found in the published statements of companies that have had their security breached, which does nothing but demonstrate the security weaknesses and negligence of what should have taken place at the inception. It is clear that any organization must comply with laws or regulations such as PCIDSS, SOX, or similar, and should have these kinds of security measures in place.

4. Do not accept mistakes 

Something that seems so simple does not happen often. What the customer ex- 
pects more than excuses, concealment, and lies is that the organization communi- 
cates the incident on time, with sincerity and acceptance of the mistakes it may 
have committed. Thus, " We failed to take care of your data, we made mistakes, 
we ask forgiveness and we have all our resources available to cover the error and 
continue business safely and securely. " 

How many companies are willing to communicate this to their customers? 

5. Offer compensation that is not up to the incident 

In all that we have been discussing it should be added that in several cases there 
have been compensation plans for customers that really look ridiculous, such as, 
"Welcome Again" "Free Content for Ever", "Gold Memberships" and so on. 
When establishing such plans they should be prioritized by customer and should 
offer a compensation plan that really lives up to the impact caused. 

6. Keep thinking that Incident Management is a minor issue and that only belongs to IT.

Organizations that maintain this position are those in which managers have not yet interpreted Information Security as a priority. Employees must manage risk and always know the security policy of their organization and business. If a company puts out a message such as, "We have appointed a new CSO (Chief Security Officer) who will report to the CIO (Chief Information Officer)" this may cause deep misconceptions that affect the basic principles of security and internal control, making the other employees feel they are not responsible for the company's internet security.

# Does anyone think that after the PlayStation Network incident security man- 
agement is an issue purely technical and IT? 

# What do credit cards companies say? 

Another striking issue is that companies which are involved indirectly, such as 
VISA, MasterCard, American Express, etc. have not come forth with any com- 
munication in this regard. 

# Did not PCIDSS arise because of the security breaches that credit card compa- 
nies have had? 

# Would it have minimized the impact of the incident if SONY had complied with 
PCIDSS? 

How should we take the information security incidents? 

For now, incidents should be taken as something that will happen, not may happen. What we need to do is avoid incidents. Incidents will be presented and what we must do is establish the mechanisms, processes and security measures to respond in a timely and diligent way. It will not be IT, but it will be the entire Organization responding to an information security incident. Just as we learn from an error or mistake in everyday life (or at least we should), in the case of web security incidents it is essential to learn and improve.

"We can't afford a second time 
without doing something to avoid it". 

Implementing a management system based on security risks that the Organization is exposed to and looking at the legal and regulatory requirements, could be the way forward to start the continuous and diligent management as an organization must do to provide their customers and users safe and secure housing of their private information.

"Information Security Management is 
not one time only or just because I have to meet it." 

References (Do not reinvent the Wheel): 

Below you will access the site www.privacyrights.org and see some of the breaches in recent years: http://bit.ly/jMaV8g

http://1.usa.gov/gQJhLd

NIST: SP800-61 Computer Security Incident Handling Guide: http://1.usa.gov/gDPV4j

ENISA: Good Practice Guide for Incident Management: http://bit.ly/mzwLqJ 

CERT: Handbook for Computer Security Incident Response Teams (CSIRTs): 
http://bit.ly/hAZVAx 

Information Security Cheat Sheet : http://zeltser.com/cheat-sheets/ 

OUR CAUSE IS NOBLE
OUR POWER IS PURE 

Let's Talk with Anonyops

A Legend behind Anonymous




Anonymous is the political movement of change for the 21st century. 
Anonymous can and certainly will accomplish what many other political 
and peace movements of the past could not. When corruption, destruc- 
tion and mayhem strikes from governments or corporations it is the goal 
of anonymous to awaken that entity and the public that a change must 
occur. We must understand that the Anonymous who strives for political 
change and world peace must be free to work without the mistrust and 
misdeeds of others who tarnish their good work. Anonymous is the gift 
we have been waiting for. Honest and trustworthy persons working hard on our behalf for the betterment of mankind. The Anonymous, Need of 21st century, Let's Talk with him:

THN : Who is Ryan and what is his matter with Anonymous?

Anony_ops : Ryan was a network administrator and unreliable like many others. 
Basically, we knew Ryan would explode one day. He was like the Yellowstone 
Caldera, he occasionally had little outbursts and some people who knew him 
from before warned us that he'd had massive eruptions in the past. 

THN : Do you think there are more people like Ryan trying to break the 
Unity of Anonymous? 

Anony_ops : Yes. We have had lots of guys like him in the past and I bet there 
are still some lurking. But they will not do what he did. In my opinion what he 
did was stupid and it didn't achieve anything. 

THN : Is Anonymous or supporters of Anonymous behind the Sony Hacks?

Anony_ops : Anonymous IRC (AnonOps) is not involved in the Sony hacks although since being Anonymous, many people can create their own bases (cells) and work on their plans. So maybe Anonymous is involved in it or maybe not? We will never know. But I can tell you that they definitely took advantage of the whole Op Sony situation. What I would suggest is that whenever Anonymous does something big, we brag about it. The fact that we denied it is a strong indicator that we didn't do it - if we had succeeded in breaking into their servers, we would have been gloating about it all over the internet.

It was quite clear that no one knew what was going on with Sony and Sony blamed us for their shitty security intrusion. Further, the people that actually participated in the intrusion saw that they could use Anonymous as a scapegoat but we would have kept the "Anonymous" tradition and not have left our motto in a single file, we would have left it in something along the lines of 9001 files. So to answer your question, we want an apology from Sony. They have no credible proof that the offenses were committed by "Anonymous", only what some copy cat left there causing confusion in the reports. Because of that we were subsequently harassed by a misguided and misinformed Sony who then started clogging up our servers.



Quote: <evil> some people will take advantage of it for their malicious shit. 

THN : Tell us something about the Spanish Revolution 

Anony_ops : You better ask this to Spanish Anons, I have no right to answer this because I'm not the right person. Sorry about that.



THN : What are the other operations recently born in various parts of 
world? 

Anony_ops : There are over 9000 operations which are on-going right now. 
Some are #OpGreece, #OpSpain, #OpSpain, #OpMexico, #OpColombia etc. 



Visit our IRC for more details. :P 







THN : Is there any core team of Anonymous or is your every decision and 
action independent? 

Anony_ops : There is no core team of Anonymous. If you are pointing towards 
Network Operators then well, there are just network operators and they manage 
all the tech stuff. They don't get involved in Anonymous' work and operations 
except to keep IRC channels free from trolls, spammers and bot attacks. Our de- 
cisions and actions are based upon people's will and teamwork. What we do in 
IRC is communicate with each other, form a plan and get as many people in- 
volved, of course anonymously, and we all vote on a specific action. Seems 
simple? It's NOT. lol So, our every action is a collective decision. 

THN : Everyone knows that Anonymous is against injustice, corruption, and abuse of government power. How much are you satisfied with your own effort regarding this great responsibility?

Anony_ops : I am very much satisfied with what I am doing. What I do is carry 
the information and expose it to the public which otherwise would be very diffi- 
cult for the public to get. You can call me a bastard Anon or whatever. I don't 
give a shit. We only do it for the Lulz. Anonymous is not a secret anymore, in 
times of pain and suffering, your ignored neighbor could be your helping hands 
and a light of hope. I think Anonymous represents hope for mankind because 
people have had enough with these criminal organizations, establishments and 
governments. They are fed up with their laws and wars. They've sacrificed 
enough. It's time for people to unite and act as one and what I'm doing is playing 
some part in that. So I'm very proud. I wish everyone could become Anonymous 
and serve their fellow brothers and sisters. Being an anon is being yourself first 
then

THN : Anonymous are basically Activists. Are hackers also supporting you 
to make it Hacktivism? 

Anony_ops : Yes. They work independently and sometimes under certain circumstances they work within the hive. As you well know, aside from the public rallies, Anonymous has also taken part in many online operations, most of which needed the use of hackers to accomplish what was needed. A great deal of Anons submit themselves to the LOIC Hive, faxing and other methods but some websites, like the US Chamber, needed more than that, which is where the hackers
have come in. The fact that they do this is to further our strength as Anonymous, 
and many of them, whether they have help from the Anon's or they do it single 
handed, will give full credit to Anonymous, because they feel the cause is just. 
So yes, to answer your question, hackers are supporting us and with every new 
operation it gives us a stronger grasp on the "Collective" that is Anonymous. 

THN : What are the other issues on your list that may become the next 
Revolution? 

Anony_ops : Operations are dependent upon their motives and their importance. 
Anyone's free to start any operation but valid ops with valid reasons are sup- 
ported by all Anons and that's how they move forward. 

THN : the issue with NATO and does Anonymous plan something against NATO?

Anony_ops : In my opinion NATO is just following the footsteps of the Pentagon idiots and the IRC (people) are yet to decide the action to take against them. But we won't fire first!

THN : Major Security Breaches of 2011 are related with Anonymous. Is this 
diverting the style of Anons work? 

Anony_ops : There are so many anonymous cells now that no one can keep 
track of them. But one thing is for sure, the smegma is out of the bottle... try stop- 
ping it. Anonymous is worldwide from every continent and every country. There 
are literally 100's of IRCs which are now dedicated to anonymous. I really don't 
know what the future holds for Anonymous but what I can tell you for sure is I 
will be tweeting about them. :) 



THN : Any message for the World from THN Platform? 
Anony_ops : This is to all human beings on this planet: Share and keep infor- 
mation free because it is our only life line to the future. To the crooks in govern- 
ments and corporations I can only say, you're done. There are no more secrets. 
You can't hide from Anonymous. We know what you are doing and we have 
made it our mission to expose you. People from time beginning have fought in- 
justice but they haven't had the right weapons. We do now. Remember this: 



WE ARE ANONYMOUS 
ANONYMOUS IS LEGION
WE DO NOT FORGET 
WE DO NOT FORGIVE 
EXPECT US 



Total Exposure

Password Secrets of Apple Safari



Introduction 

Safari is one of the top 5 browsers known for its innovative look and feel reflected in every product of Apple! It offers one of the best ways to read online, greater support for HTML 5, and other new features that make the web even better.






Like other browsers, Safari also comes with built-in 'password manager' feature for securely storing and managing the user's web login passwords.

This article is set to expose - in first ever public disclosure - password secrets of Safari including the stored password location, encryption algorithm and code for decryption of stored passwords!

Safari Password Storage Location

Safari features a good password manager with better security model and encryption algorithms to keep it as secure as possible. Unlike other browsers such as Firefox, Chrome, you cannot see the stored passwords in Safari.

You can enable or disable the Safari password manager by toggling the option through "Settings -> AutoFill -> Usernames & Passwords" (as shown below). Once enabled Safari will prompt to save the password for every website login for the user. Upon confirmation, website URL along with username & password are saved to secret password file.



[Screenshot: Safari preferences window, AutoFill tab]

Safari stores all such web login passwords at a secret file named 'keychain.plist' at following location (based on platform)

[Windows XP]
C:\Documents and Settings\<username>\Application Data\Apple Computer\Preferences

[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\Apple Computer\Preferences

Safari stores the contents of 'keychain.plist' in 'Binary Property List' file format - variation of Property List [Reference 1] format used by Apple for storing binary data.
Here is how a typical 'keychain.plist' file looks like,

Decoding the Safari 'Keychain' Secrets!
Looking at above 'keychain file' content, there is hardly anything you can make out. Only hint that you get here is the 'bplist' keyword at the beginning of file.

After long search hours on 'bplist' keyword, I finally figured out the way to decode its content to plain XML file. Apple provides the tool called 'plutil.exe' for playing with these 'Property List' files. You can find this console tool at following location,

[Windows x86]
C:\Program Files\Common Files\Apple\Apple Application Support

[Windows x64]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support

Here is the command to convert cryptic 'keychain.plist' file to easily readable 'keychain.xml' file

plutil.exe -convert xml1 -s -o c:\keychain.xml "c:\users\administrator\appdata\roaming\apple computer\preferences\keychain.plist"

This is how it will look like after decoding to XML file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>version1</key>
    <array>
        <dict>
            <key>Account</key>
            <string>testgmail</string>
            <key>AuthenticationType</key>
            <integer>1836216166</integer>
            <key>Comment</key>
            <string>default</string>
            <key>Data</key>
            <data>
            <!-- Base64-encoded encrypted password data -->
            </data>
            <key>Description</key>
            <string>Web form password</string>
            <key>Label</key>
            <string>www.google.com (testgmail)</string>
            <key>Path</key>
            <string></string>
            <key>Port</key>
            <integer>0</integer>
            <key>Protocol</key>
            <integer>1752461427</integer>
            <key>Server</key>
            <string>www.google.com</string>
        </dict>
    </array>
</dict>
</plist>



THN - Magazine | June 2011 | www.thehackernews.com | Issue 03



Internals of Safari Encryption Algorithm

The generated XML file (as shown above) contains encrypted password data along with website URL and user login information. This stored password data is encoded using BASE64 algorithm.

Note that original password data stored in 'keychain.plist' file is not encoded with BASE64. When we convert it to XML using Plutil tool, the encrypted password data is further encoded with BASE64 format.

Once you decode the password using BASE64 you will see original encrypted password data. Safari uses standard 'Windows Data Protection' mechanism (DPAPI) [Reference 2] to encrypt the password data with user isolation layer. Windows DPAPI provides functions like CryptProtectData and CryptUnprotectData for easy encryption/decryption of user oriented sensitive data such as passwords.

Safari uses CryptProtectData [Reference 3] along with static entropy (salt) to securely encrypt all website login passwords. Finally it is stored in the 'keychain.plist' file along with other user login information.
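
To see what the file exposes without decrypting anything, the following added example (not code from the article or from Apple) inventories 'keychain.plist' entries in either binary or XML form and checks that each Data field carries the standard DPAPI blob header. The header layout (version 1 followed by the provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb) is general DPAPI knowledge assumed here, and the sample entries are constructed.

```python
import plistlib
import struct
import uuid

# GUID of the default DPAPI provider. CryptProtectData output starts with a
# 4-byte little-endian version (1) followed by this GUID in little-endian
# layout. This is general DPAPI knowledge, not a value taken from the article.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
DPAPI_HEADER = struct.pack("<I", 1) + DPAPI_PROVIDER_GUID.bytes_le


def looks_like_dpapi_blob(blob):
    """True if the bytes begin with the standard DPAPI blob header."""
    return isinstance(blob, bytes) and blob[:len(DPAPI_HEADER)] == DPAPI_HEADER


def inventory_keychain(plist_bytes):
    """List stored-login entries found in keychain.plist content.

    Accepts the binary ('bplist') file or the XML produced by plutil:
    plistlib detects the format and Base64-decodes <data> elements itself.
    Nothing is decrypted; only metadata and the blob header are examined.
    """
    root = plistlib.loads(plist_bytes)
    report = []
    for entry in root.get("version1", []):
        blob = entry.get("Data", b"")
        report.append({
            "server": entry.get("Server", ""),
            "account": entry.get("Account", ""),
            "blob_len": len(blob),
            "dpapi_protected": looks_like_dpapi_blob(blob),
        })
    return report


def build_sample_keychain(fmt):
    """Constructed sample data (not a real keychain). The second entry has a
    Data field that is NOT a DPAPI blob, to exercise the header check."""
    constructed_blob = DPAPI_HEADER + bytes(range(64))  # header + filler bytes
    entries = [
        {"Account": "testgmail", "Server": "www.google.com",
         "Description": "Web form password", "Data": constructed_blob},
        {"Account": "demo", "Server": "intranet.example",
         "Description": "Web form password", "Data": b"not-a-dpapi-blob"},
    ]
    return plistlib.dumps({"version1": entries}, fmt=fmt)


if __name__ == "__main__":
    # The same inventory comes out of the binary file and its XML conversion.
    for fmt in (plistlib.FMT_BINARY, plistlib.FMT_XML):
        for row in inventory_keychain(build_sample_keychain(fmt)):
            print(row)
```

Because the entropy is static, the protection of these blobs rests on the Windows user account alone: any process running as that user can unprotect them, so the inventory shows what a compromised session exposes.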

Decoding & Decryption of Safari Password 
As mentioned in previous section, successful Safari password recov- 
ery will require following 2 steps 

1. Base64 Decoding of password data from XML file

2. Windows DPAPI decryption of encrypted data 



First you have to use standard Base64 decoder algorithm [Reference 
5] to get original password data from encoded password bytes in 
XML file. 






After that we have to perform decryption of this encrypted password data. In order to decrypt this encrypted password data we need to figure out salt data used in CryptUnprotectData. Here is the salt data that I found during my reverse engineering work,

[Screenshot: salt data ending with 'com.apple.Safari']



Entire salt generation algorithm and decryption functions are within the Apple shared library 'CFNetwork.dll' which is present at following location,

[Windows x86]
C:\Program Files\Common Files\Apple\Apple Application Support

[Windows x64]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support

Here is the disassembly of CFNetwork.dll from IDA Pro Disassembler [Reference 6] showing the location of salt generation & decryption function

Initially salt generation algorithm appeared to be dynamic but after a few reversing sessions on different systems my doubts cleared and it was just static data. Salt data is of 144 byte size and ends with standard signature pattern as 'com.apple.Safari' as shown in the above screenshot.

Once you get hold of the salt data, the encrypted password can easily be decrypted using CryptUnprotectData function [Reference 4] as shown below,






#include <windows.h>
#include <wincrypt.h>   // CryptUnprotectData; link with Crypt32.lib
#include <stdio.h>
#include <string.h>

// Static 144-byte entropy (salt); the last 16 bytes spell "com.apple.Safari"
BYTE salt[] = {
    0x1D, 0xAC, 0xA8, 0xF8, 0xD3, 0xB8, 0x48, 0x3E, 0x48, 0x7D, 0x3E, 0x0A, 0x62, 0x07, 0xDD, 0x26,
    0xE6, 0x67, 0x81, 0x03, 0xE7, 0xB2, 0x13, 0xA5, 0xB0, 0x79, 0xEE, 0x4F, 0x0F, 0x41, 0x15, 0xED,
    0x7B, 0x14, 0x8C, 0xE5, 0x4B, 0x46, 0x0D, 0xC1, 0x8E, 0xFE, 0xD6, 0xE7, 0x27, 0x75, 0x06, 0x8B,
    0x49, 0x00, 0xDC, 0x0F, 0x30, 0xA0, 0x9E, 0xFD, 0x09, 0x85, 0xF1, 0xC8, 0xAA, 0x75, 0xC1, 0x08,
    0x05, 0x79, 0x01, 0xE2, 0x97, 0xD8, 0xAF, 0x80, 0x38, 0x60, 0x0B, 0x71, 0x0E, 0x68, 0x53, 0x77,
    0x2F, 0x0F, 0x61, 0xF6, 0x1D, 0x8E, 0x8F, 0x5C, 0xB2, 0x3D, 0x21, 0x74, 0x40, 0x4B, 0xB5, 0x06,
    0x6E, 0xAB, 0x7A, 0xBD, 0x8B, 0xA9, 0x7E, 0x32, 0x8F, 0x6E, 0x06, 0x24, 0xD9, 0x29, 0xA4, 0xA5,
    0xBE, 0x26, 0x23, 0xFD, 0xEE, 0xF1, 0x4C, 0x0F, 0x74, 0x5E, 0x58, 0xFB, 0x91, 0x74, 0xEF, 0x91,
    0x63, 0x6F, 0x6D, 0x2E, 0x61, 0x70, 0x70, 0x6C, 0x65, 0x2E, 0x53, 0x61, 0x66, 0x61, 0x72, 0x69
};

DATA_BLOB DataIn;
DATA_BLOB DataOut;
DATA_BLOB OptionalEntropy;

DataIn.pbData = byteEncBuffer;    //encrypted password data
DataIn.cbData = dwEncBufferSize;  //encrypted password data size

OptionalEntropy.pbData = (unsigned char*)&salt;
OptionalEntropy.cbData = 144;

if( CryptUnprotectData(&DataIn, 0, &OptionalEntropy, NULL, NULL, 0, &DataOut) == FALSE )
{
    printf("CryptUnprotectData failed = 0x%.8x", GetLastError());
    return FALSE;
}

//Decrypted data is in following format => Password Length [4 bytes] + Pass Data []
BYTE *byteData = (BYTE *) DataOut.pbData;
DWORD dwPassLen = 0;

//Read the whole 4-byte length field and make sure it fits inside the output
//(strPassword, declared by the caller, must also be large enough)
if( DataOut.cbData < 4 )
{
    LocalFree(DataOut.pbData);
    return FALSE;
}
memcpy(&dwPassLen, byteData, sizeof(DWORD));
if( dwPassLen > DataOut.cbData - 4 )
{
    LocalFree(DataOut.pbData);
    return FALSE;
}

memcpy(strPassword, &byteData[4], dwPassLen);
strPassword[dwPassLen] = 0;
printf("Decrypted Password %d - %s", dwPassLen, strPassword);

LocalFree(DataOut.pbData);   //output buffer is allocated by DPAPI



Above program initializes the salt data and then passes it to CryptUn- 
protectData along with decoded password data to finally get the de- 
crypted data. First 4 bytes of this decrypted data contains length of the 
password and then follows the password in clear text! 
That is all it takes to successfully decrypt the Password from Safari 
Store! 



Recovering Safari Passwords using SafariPasswordDecryptor

SafariPasswordDecryptor [Reference 7] is the FREE software to automatically recover website login passwords stored by Safari web browser. It helps in instantly decoding and decrypting all the stored website login passwords from Safari Keychain file.

It presents both GUI as well as command line interface, the latter is more helpful for Penetration testers in their work. Apart from normal users who can use it to recover their lost password, it can come in handy for Forensic

SafariPasswordDecryptor works on most of the Windows platforms starting from Windows XP to latest operating system, Windows 7.

Hacked. Hacked Again. Hacked Again & Once Again!

George Hotz vs SONY

George Hotz had previously hacked an iPhone (1G), and the most amazing thing about him is that he spent 5 weeks to successfully hack the PS3.

The PS3 had remained unhacked for about 3 years, but George Hotz spent 5 weeks to hack it. The hacked PS3 will be able to read any type of disc that you throw in, and allow pirated games to be played smoothly. This attack is very useful for those persons who sell pirated games through black marketing..!!

Sony's legal dust-ups with PS3 modders George "GeoHot" Hotz and Graf Chokolo have earned it the ire of the "hacktivist" group known as Anonymous.

Operation Sony, the retaliation, is part of Anonymous' Operation Payback, an initiative which seeks to disable websites belonging to perceived opponents of free-rights content with distributed denial of service attacks (DDoS). The unidentified group claims Sony violated basic free-use freedoms when it sued GeoHot and arrested the German hacker Graf Chokolo for allegedly engaging in PS3 jailbreaking activities.

Over the last two months, the multi-national Sony Corporation has come under a wide range of attacks from an even wider range of attackers. The backstory about what event prompted who to attack and why will make a mediocre made-for-TV movie someday.

Sony Time Line 

2 April: Anonymous, the online activist collective, begins Operation: Sony, a series of denial of service attacks on Sony web- 
sites that it says are in defence of free speech. 

11 April: Sony announces the case has been settled out of court and that George Hotz has agreed to take down his website.

13 April: Anonymous says it will intensify its attacks and calls for a day of protest on 16 April. "In the eyes of the law, the case is closed, for Anonymous it is just beginning... prepare for the biggest attack you have ever witnessed, Anonymous style," it says in a video message.

16 April: Hackers break in to Sony Online Entertainment, the firm's PC gaming service, and steal 25 million users' personal details. Around 23,400 European users' credit card or direct debit details may also have been taken.

17 April: Hackers break in to the PlayStation Network and steal 77 million users' personal details. 

19 April: Sony detects the PlayStation Network breach. 

20 April: Sony shuts down the PlayStation Network, publicly citing technical problems. 

26 April: Sony publicly discloses the PlayStation Network breach and says it has called in the FBI. 




4 May: Kazuo Hirai, Sony's chairman, tells a US Congressional committee that the hackers left a calling card implicating Anonymous. Investigators found a file named "Anonymous" with the motto "We are Legion." He also says the collective's denial of service attacks made it easier for the hackers to breach security. "Security teams were working very hard to defend against denial of service attacks, and that may have made it more difficult to detect this intrusion quickly - all perhaps by design," Mr Hirai says.

4 May: A press release purporting to come from Anonymous denies credit card theft but does not directly deny hacking 
Sony's systems or stealing personal data. "We are trying to fight criminal activities by corporations and governments, not 
steal credit cards," it says. 

5 May : Hackers announce they will soon give Sony a 3rd big hit!

7 May : Sony succumbs to another hack leaking 2,500 "old records". This information was available via a Sony website and 
indexed by Google. 

20 May : Phishing site found on a Sony server noticed by F-Secure.

21 May : Sony Music Indonesia Defaced By k4L0ng666. 

22 May : Sony BMG Greece the latest hacked Sony site. Apparently done via SQL Injection. Pastebin dump. Records
Breached: 8,500 usernames, email addresses, phone numbers and password hashes.

23 May : LulzSec leaks Sony's Japanese websites. SQL Injection in www.sonymusic.co.jp. The database does not contain names,
passwords or other personally identifiable information.

24 May : Sony Ericsson hacked by Idahc, a Lebanese hacker, via SQL Injection. Idahc dumped 1,000 of the records to
http://pastebin.com/4YGAWxQZ (since removed). Records Breached: Email addresses, passwords and names of 2,000
users.

26 May : 4.5 million records exposed by Lulz. Sony hackers deny responsibility for misuse of leaked data. Records breached:
Over 1,000,000 users' passwords, email addresses, home addresses, dates of birth, as well as administrator login passwords.
Information taken from Autoloader users database, Summer of Restless Beauty users database, Sony Wonder coupons
database, Sony Wonder music codes database, Seinfeld Del Boca Vista database.

2 June : Sony BMG Belgium (sonybmg.be) database exposed & Sony BMG Netherlands (sonybmg.nl) database exposed.

2 June : Tim Schaaff, President of Sony Network Entertainment International, Witness Testimony (PDF): "Sony Network
Entertainment and Sony Online Entertainment have always made concerted and substantial efforts to maintain and improve
their data security systems."





3 June : Dump of the apps.pro.sony.eu database via SQL Injection. Records Breached: 120 names, phone numbers and e-mail
addresses.

5 June : Sony Pictures Russia (www.sonypictures.ru) databases leaked.

6 June : Sony Music Brazil gets defaced. A Sony Entertainment website just got hacked. A group of hackers by the name "The
UnderTakers" were able to take down Sony Music Brazil, which has been down for more than 12 hours.

What Sony needs is not exactly a new security measure, but a way to manage its existing security systems effectively.
Sony needs to run its management cycle remembering that security threats are variable. Businesses that rely heavily on
security tools give hackers a chance to get in. If Sony hasn't learned the lesson, at least other businesses have. After
Sony's incident, the number of inquiries from businesses to various security consultants increased.

After the Sony breaches, most security experts are more alert and are rechecking their attitudes toward security. They have
come to know that one small flaw like SQL injection can be enough to get a million-dollar company hacked. Sony fights with
George Hotz, but my opinion is that they should have hired him. Why not develop this hacking talent for legitimate purposes?
Why make an enemy when you can have them on your side?

# THN Report : ACER hacked because of their own stupidity !

You have to wonder about people who put things on their websites that invite people to hack into them but this just 
happened to ACER as they posted an FTP allowing the Pakistan Cyber Army to hack away the information of users! 
: Read More ~ http://tinyurl.com/3bh3jqv 



# HOW SWEET IT IS! 



Operation Cupcake : MI6 hacks al-Qaeda website ! British Intelligence gave Al-Qaeda a sweet surprise by replacing 
a bomb making recipe with a cupcake recipe. Gotta love those Brits! : Read More ~ http://tinyurl.com/4xah6oh 



# DON'T CALL A WAR UNLESS YOU MEAN IT. AND WE MEAN IT FBI! 

Lulzsec hack Infragard Atlanta Members Alliance & challenge FBI ! After the FBI said that hacking was an act of war,
hackers hacked into an FBI affiliate website and blew their cover. : Read More ~ http://tinyurl.com/3vaahhm






# MORE THAN IRANIAN PIPES ARE LEAKING 

Anonymous Leaks 10,000 E-mails of Iranian Government : Read More ~ http://tinyurl.com/3fz292t 

# CHINA CHIPS AWAY AT GMAIL ACCOUNTS 

Chinese Hacker Cracks Hundreds of Gmail Accounts of U.S. & Asia : Read More ~ http://tinyurl.com/4y39gwd 



# LIBERAL 

PBS.org was 
did it! Read } 



# INSTEAD OF THROWING POPCORN, UNHAPPY MOVIE GOER HACKS UPCOMING MOVIE 

Shahrukh Khan's upcoming Movie - Ra One Official Website hacked : Shahrukh Khan's website touting the new 
movie was hacked and defaced. Read More ~ http://tinyurl.com/3z45of9 

# GMA-7 television networks Hacked 

GMA-7 tv website, twitter & Facebook hacked by D4RKB1T : Read More ~ http://tinyurl.com/3cl4cvr 

# MICROSOFT ROBS THE CRADLE AND IGNORES CHILD LABOR LAWS!

14 Year Old Hacker Hired by Microsoft after doing phishing via Call of Duty Server !: A 14 year old who impressed 
Microsoft with his hacking talent was hired by Microsoft to learn the more legitimate ways of the internet. Read More 
~ http://tinyurl.com/3tx9j51 




# DEFENSE CONTRACTORS LEFT DEFENSELESS BY HACKERS! 

Hackers broke into Lockheed Martin networks & U.S. defense contractors ! The extent and the type of data has not 
been released. : Read More ~ http://tinyurl.com/3etfn9p 






# THERE'S A DRAGON AT COMODO AND THEY CAN'T CATCH HIM! 

Comodo Hacked - Reseller private data exposed ! : Read More ~ http://tinyurl.com/4yg24ah 







# ANONYMOUS TELLS THE US CHAMBER TO BUTT OUT 

Anonymous Takes Down U.S. Chamber Of Commerce for PROTECT IP Act : After the Chamber decided to help the 
government invade our privacy and information on the internet, they were hacked. Read More ~ 
http://tinyurl.com/42tna2g 



# INDIA'S OFFICIAL WEBSITE HACKS RISING IN NUMBER 

200+ Important & Some Govt. Websites of India Hacked by XtReMiSt : Read More ~ http://tinyurl.com/31fz7j3 



# MODERN DAY THIEVES NO LONGER HAVE TO PICK YOUR POCKET FOR YOUR CREDIT CARDS 

Role of Hacking in Stealing and Selling Credit Cards ! Lots of reports of internet hacking resulting in the loss of credit 
card information: Read More ~ http://tinyurl.com/3c99j8a 



# FACEBOOK BUGS ITSELF

Facebook Prepares to Launch Bug Bounty Program! Facebook wants "legitimate" reporting of their security flaws : 
Read More ~ http://tinyurl.com/44ce8ry 



# ONCE AGAIN NASA HACKED OUT OF THIS WORLD! 

TinKode Hack FTP of NASA Goddard Space Flight Center ! : Read More ~ http://tinyurl.com/3srxcck 



# HACKERS ITCHING FOR A CHANCE TO SWEAR AT YOUR FACEBOOK FRIENDS! 

New Facebook Scam : WTF I can't believe you're in this video ! Hackers want Facebook users to click on links that
will spread a nasty message to the users' friends. : Read More ~ http://tinyurl.com/3pdq9ga



# WE DIDN'T KNOW OSAMA HAD SO MANY FRIENDS! 

Ronaldinho website hacked by Osama bin Laden supporter ! : Read More ~ http://tinyurl.com/3nakz6m 

# HACKERS DON'T PLAY ETHICAL WITH APPIN

Appin (Information Security and Ethical Hacking Training) hacked once again ! : 
Read More ~ http://tinyurl.com/3m2w28y 

# LULZSEC TALKS NONSENSE BY RELEASING NONSENSICAL INFO!

LulzSec Hack & Leak pointless ATM information ! : Read More ~ http://tinyurl.com/63wft98 

# IT IS CLEAR THE DOD AND OTHER US GOVERNMENT AGENCIES ARE PRETTY DEFENSELESS 

Exclusive Report : Is Department of Defense (DoD), Pentagon, NASA, NSA is Secure ? Agencies scramble to secure 
websites and important data. : Read More ~ http://tinyurl.com/66w73zu 

# PAKISTAN AND INDIA TAKE IT OFF THE BATTLE FIELD AND ONTO THE INTERNET 

Pakistan Cyber Army got hacked by Indian Cyber Army (Indishell) : Read More ~ http://tinyurl.com/3tyo3se 



# PAKISTAN AND INDIA JUST CAN'T LEAVE EACH OTHER ALONE! 

Channel [V] INDIA website HacKeD By MaDnl ( Pak Cyber Army ) : Read More ~ http://tinyurl.com/3brn27h 




# FOX NEWS IS OUT FOXED BY HACKERS! 
Hackers release usernames, passwords of several FOX.com affiliate employees ! 
: Read More ~ http://tinyurl.com/3zuh2e6 






# IT'S NOT A GOOD SIGN WHEN THE HACKERS ARE BEING HACKED 

Anonymous IRC networks - irc.anonops.net & irc.anonops.ru Hacked ! : Read More ~ http://tinyurl.com/3br4v2c 



# INDIA'S LEADING IT COMPANIES NO LONGER PATTING THEMSELVES ON THE BACK! 

India's leading IT companies TCS (Tata Consultancy Services) & Tech Mahindra is also not Secure ! : Read More ~
http://tinyurl.com/6h92s6a



# THE X FACTOR IS X'D OUT BY HACKERS! 

X Factor Leaked Contestants Database, Available for Download ! : Read More ~ http://tinyurl.com/42fvwjj 



# THE NEWS MAKERS ARE MAKING NEWS OF THEMSELVES (AND THEIR CUSTOMERS!) 

Paktribune.com compromised, 800+ emails/passwords Exposed ! : Read More ~ http://tinyurl.com/3jn713e 


# HACKING CREDIT CARD INFO AND PAYMENTS SPREAD WORLDWIDE

CCAvenue payment gateway hacked ! : Read More ~ http://tinyurl.com/3psscxq 

BackTrack 5 Released!



For all those who were waiting for BackTrack 5: the "Revolution" edition was finally released on
10th May. BT5 has KDE (4.6) and Gnome (2.6) desktop environment flavors, 32 and 64 bit
support, and a basic ARM BackTrack image which can be chrooted into from Android-enabled
devices. The 32 and 64 bit images support "Forensics Mode", which boots a forensically sound
instance of BackTrack, and "Stealth mode", which boots without generating network traffic. And
yes, Metasploit 3.7.0 is packaged into BT5. Download : http://tinyurl.com/3jfqlv7

Tools Updates - THN

• John The Ripper 1.7.7 Jumbo 5 : http://tinyurl.com/3ldybr2

• Ani-Shell v1.0 - PHP shell : http://tinyurl.com/3t4zgdr 

• Facebook Password Extractor : http://tinyurl.com/3n643sb 

• Wireshark 1.4.7 & Wireshark 1.2.17 Released : http://tinyurl.com/3nv8fo6 

• md5deep and hashdeep - Latest version 3.9.1 Released : http://tinyurl.com/3bvuj5b 

• QuickRecon v0.3.1 - Latest Version Download : http://tinyurl.com/3ppjbzh 

• Pesca 0.75 Local Stealer - Download : http://tinyurl.com/3gm3rrk 

• ROOTWORM Linux Auto rooter for 2010 kernel : http://tinyurl.com/3s87b8l 

• Origami 1.0 released - Pdf manipulation framework : http://tinyurl.com/4yh9hlh 

• ROOTWORM Linux Auto rooter for 2009 kernel : http://tinyurl.com/3glrmmv 

• Fimap v.0.9 released - Local & Remote file inclusion auditing Tool : http://tinyurl.com/3rczwfb 

• Impassioned Framework Download : http://tinyurl.com/3d5sayq 

• Arachni v.0.2.3 - Web Application Security Scanner Framework : http://tinyurl.com/3m9qvwr 

• BlackHole Exploit Kit 1.0.2 - Download : http://tinyurl.com/6gczrq5 

• Unknown Exploit Kit (Crimeware) leaked : http://tinyurl.com/3mme4ar 

• OpenDNSSEC 1.3.0rc2 new Version released : http://tinyurl.com/3z4g4st 

• RKAnalyzer - kernel level rootkit analyzer : http://tinyurl.com/3k7z7ql 

• The Social-Engineer Toolkit v1.4 latest Version : http://tinyurl.com/6xq3t42

• Metasploit Framework 3.7.1 Released : http://tinyurl.com/3h3e4aj 

• QuickRecon v0.3 version released : http://tinyurl.com/3sqbmvd 

• Crimepack 3.1.3 Exploit kit Leaked : http://tinyurl.com/3uq6h9b 

• Qualys and Malware Analyser - Online malware scanning engine : http://tinyurl.com/3jx3og5 

• 26 Underground Hacking Exploit Kits available for Download : http://tinyurl.com/5u2w8st 

• Source code of ZeuS Botnet Version: 2.0.8.9 : http://tinyurl.com/3m9clqt 

• SWFRETools 1.1.0 - Adobe Flash SWF file reverse engineering : http://tinyurl.com/3gbhxgr 

• Fiddler v2.3.3.3 New version released : http://tinyurl.com/3ewjw5h

BufferZone - Internet Security Tool

If you work online, you have to be secure from unauthorized access. Let me
tell you about one piece of software named BufferZone. It is different, secure
and easy to use.

How BufferZone Works?

BufferZone creates an isolated environment called the Virtual Zone. The Virtual
Zone "buffers" your PC from all forms of known or unknown attacks that
originate from the Internet and external devices. All of your private information is
secured in a trusted and separated environment.

How does BufferZone Technology work? 

When you use the Internet, programs from the Web can enter your PC uninvited
or invited (by downloading). In order to run, these programs make modifications
to your hard drive and registry (operating system). Usually such modifications
are harmless. However, when they're not, infected programs or files can do
serious damage to your computer.

So BufferZone is a helpful tool for computer security, and it is free to
use. Download link : http://www.trustware.com/download/

By : 

Priyanshu, 

Certified Ethical Hacker , Cyber Security Expert & Cyber Law Expert. 
Contact him » priyanshu@cyber-india.in 

We will be back in JULY !



Dear Readers, 

Thank you for being a part of a movement of awareness
and change. Your support, participation and encouragement
is why we continue to make THE HACKER NEWS the best source
of internet security on the web.



Together we can bring forward the information we need to
have a sustainable and healthy world. We can't wait to bring you
next month's edition, "Cyber War", which will cover in depth
the usage of Information Technology for cyber war. You won't
want to miss it !



Please forward our magazine to friends, co-workers, bosses, family
and businesses you know would enjoy reading and learning about
internet security, current happenings, updates and the who's who
of the internet world. In the meantime, thank you. You rock !



The Hacker News Team 



Contact Us 



# Email us your Feedback/Articles at thehackernews@gmail.com

# Visit our site http://www.thehackernews.com/

# Donate to us, keep us strong : http://tinyurl.com/64b7xs2

# Join our Facebook page : http://tinyurl.com/6de49r9

# Follow us on Twitter : https://twitter.com/#!/TheHackersNews



